Vulnerabilities

CVE-2026-22812 - OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution - Full Analysis

2026-01-13 0 views admin
CVE-2026-22812 - OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution - Full Analysis

CVE ID : CVE-2026-22812 Published : Jan. 12, 2026, 11:15 p.m. | 1 hour, 35 minutes ago Description : OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process (or any website via permissive CORS) to execute arbitrary shell commands with the user's privileges. This vulnerability is fixed in 1.0.216. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

Severity
HIGH
Published
Jan. 12, 2026
Attack Vector: local

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-22812high

More from Vulnerabilities

CVE-2025-9427 - Admin reflected XSS - Guide

CVE-2025-9427 - Admin reflected XSS - Guide

2026-01-13 0
CVE-2025-14507 - EventPrime - Events Calendar, Bookings and Tickets <= 4.2.7.0 - unauthenticated

CVE-2025-14507 - EventPrime - Events Calendar, Bookings and Tickets <= 4.2.7.0 - unauthenticated

2026-01-13 0
CVE-2025-11669 - Broken Access Control

CVE-2025-11669 - Broken Access Control

2026-01-13 0
Update: CVE-2026-0880 - Sandbox escape due to integer overflow in the Graphics component

Update: CVE-2026-0880 - Sandbox escape due to integer overflow in the Graphics component

2026-01-13 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views